20 April 2018

copy a file out of a router


- list the files
Router# dir bootflash:
Directory of bootflash:/
1 -rw- 3173128 cat2948g-in-mz.120-7.W5.14.45
2 -rw- 3173364 cat2948g-in-mz.120-7.W5.14.46


- copy from bootflash to a TFTP server (default port UDP/69; TFTP carries no authentication or encryption, so only do this over a trusted management network)
Router# copy bootflash: tftp: 
Source filename []? cat2948g-in-mz.120-7.W5.14.46 
Address or name of remote host []? 171.10.0.111 
Destination filename [cat2948g-in-mz.120-7.W5.14.46]? 
(press Enter to accept the default; anything typed at this prompt, e.g. "yes", becomes the literal filename on the server)

- troubleshooting
 If the copy times out, tell the router which interface (and therefore which source address) to use for the TFTP session; the server's replies must be routable back to that address.
 Router(config)#ip tftp source-interface gig0/0/0
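As an added example (not code from this post or from the Cisco documents referenced below), here is the TFTP write exchange the router performs in the copy above, implemented in Python for both sides and driven in memory (RFC 1350, octet mode, no option negotiation). The image bytes are a constructed stand-in, not a real IOS image. It shows that the transfer involves no credentials at all, how a retransmitted block is handled, and why the hash of the received file should be compared with the output of `verify /md5 bootflash:<file>` on the router afterwards.

```python
"""Minimal TFTP (RFC 1350) write transfer, both sides driven in memory."""
import hashlib
import struct

OP_RRQ, OP_WRQ, OP_DATA, OP_ACK, OP_ERROR = 1, 2, 3, 4, 5
BLOCK = 512  # fixed data block size when no blksize option is negotiated


def build_wrq(filename, mode="octet"):
    """WRQ: opcode 2, filename, NUL, mode, NUL. This is the router's first datagram."""
    return struct.pack("!H", OP_WRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"


def parse_request(pkt):
    """Parse an RRQ/WRQ into (opcode, filename, mode)."""
    (op,) = struct.unpack("!H", pkt[:2])
    if op not in (OP_RRQ, OP_WRQ):
        raise ValueError("not a request")
    fields = pkt[2:].split(b"\0")
    if len(fields) < 3:  # filename, mode, and the empty tail after the final NUL
        raise ValueError("malformed request")
    return op, fields[0].decode("ascii"), fields[1].decode("ascii").lower()


def build_data(block, payload):
    return struct.pack("!HH", OP_DATA, block & 0xFFFF) + payload


def build_ack(block):
    return struct.pack("!HH", OP_ACK, block & 0xFFFF)


def build_error(code, msg):
    return struct.pack("!HH", OP_ERROR, code) + msg.encode() + b"\0"


class WriteSession:
    """Server side of one WRQ: ACK block 0, then ACK each DATA block in order.
    A DATA block shorter than 512 bytes ends the transfer. Nothing here identifies
    the sender: any host that can reach UDP/69 can write a file under this name."""

    def __init__(self, filename):
        self.filename = filename
        self.expected = 1
        self.chunks = []
        self.done = False

    def handle(self, pkt):
        op, block = struct.unpack("!HH", pkt[:4])
        if op != OP_DATA:
            return build_error(4, "Illegal TFTP operation")
        if block == self.expected:
            payload = pkt[4:]
            self.chunks.append(payload)
            self.expected = (self.expected + 1) & 0xFFFF
            self.done = len(payload) < BLOCK
            return build_ack(block)
        if block == (self.expected - 1) & 0xFFFF:
            return build_ack(block)  # retransmitted block: re-ACK, never store it twice
        return build_error(0, "Unexpected block number")

    def data(self):
        return b"".join(self.chunks)


def split_blocks(data):
    """Client side: 512-byte blocks; a full final block must be followed by an empty one."""
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    if not blocks or len(blocks[-1]) == BLOCK:
        blocks.append(b"")
    return blocks


def simulate_transfer(filename, data):
    """Run a complete WRQ exchange in memory. Returns (received bytes, datagrams exchanged)."""
    op, name, mode = parse_request(build_wrq(filename))
    assert op == OP_WRQ and mode == "octet"
    session = WriteSession(name)
    ack0 = build_ack(0)  # the server's reply to the WRQ
    datagrams = 2        # WRQ + ACK 0
    for n, chunk in enumerate(split_blocks(data), start=1):
        reply = session.handle(build_data(n, chunk))
        datagrams += 2   # DATA n + ACK n
        if reply[:2] != struct.pack("!H", OP_ACK):
            raise RuntimeError(f"transfer aborted: {reply!r}")
    assert session.done
    return session.data(), datagrams


def md5_hex(data):
    """Compare with the digest printed by `verify /md5 bootflash:<file>` on the router."""
    return hashlib.md5(data).hexdigest()


# Constructed stand-in for an IOS image (1280 bytes -> blocks of 512, 512, 256).
IMAGE = bytes(range(256)) * 5

if __name__ == "__main__":
    received, n = simulate_transfer("cat2948g-in-mz.120-7.W5.14.46", IMAGE)
    print(n, "datagrams;", "intact" if md5_hex(received) == md5_hex(IMAGE) else "CORRUPT")
```

Because the only integrity check TFTP itself offers is the block count, the hash comparison at the end is the step that actually tells you the image arrived unaltered.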







ref:
1- https://www.cisco.com/c/en/us/support/docs/routers/12000-series-routers/15094-crashinfo.html
2- https://supportforums.cisco.com/t5/lan-switching-and-routing/error-opening-tftp-timed-out/td-p/2255647

27 March 2018

killing the unkillable

Not able to kill a task using kill -9




# ps aux | grep subl
root      3018  2.2  1.0 289008 61872 ?        Ds   12:30   5:27 /opt/sublime_text/sublime_text


The D in the STAT column means the process is in an "uninterruptible sleep": it is blocked inside the kernel, usually waiting for an I/O operation to complete, and signals (SIGKILL included) are not acted on until that wait returns. That is why kill cannot remove it.
Here the blocked I/O was against a hung SSHFS mount; unmounting the SSHFS mount may let the blocked call return, at which point the pending SIGKILL takes effect.
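Added example, not from the page: a small parser for `ps aux` output that flags the process states `kill -9` cannot clear and says why, and what to do instead. The sample output is constructed around the page's sublime_text line plus a zombie and two ordinary processes; it is not captured from a real system.

```python
"""Classify processes from `ps aux` output and flag the ones SIGKILL will not remove."""

# ps(1) PROCESS STATE CODES: the first STAT character is the state, the rest are modifiers
# (s session leader, l multi-threaded, + foreground, < high priority, N low priority, L locked).
STATE = {
    "R": "running or runnable",
    "S": "interruptible sleep",
    "D": "uninterruptible sleep (blocked in a kernel I/O path)",
    "T": "stopped by job control or a tracer",
    "t": "stopped by a debugger during tracing",
    "Z": "zombie: already exited, waiting for its parent to reap it",
    "I": "idle kernel thread",
}

# Why SIGKILL does not work for these states, and the usual remedy.
REMEDY = {
    "D": "the signal stays pending until the I/O completes; unblock the resource it waits on "
         "(e.g. unmount the hung network filesystem or restore the link), otherwise reboot",
    "Z": "there is no process left to kill; make the parent reap it, or kill the parent so "
         "init adopts and reaps the zombie",
}

PS_COLUMNS = 11  # USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND (COMMAND may contain spaces)


def parse_ps_aux(text):
    """Return one dict per row of `ps aux` output (BSD format, header line first)."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].split()
    rows = []
    for line in lines[1:]:
        parts = line.split(None, PS_COLUMNS - 1)  # keep the command line intact
        if len(parts) != PS_COLUMNS:
            continue  # truncated or garbled line
        rows.append(dict(zip(header, parts)))
    return rows


def kill_resistant(rows):
    """Return (pid, state, command, remedy) for processes SIGKILL cannot remove right now."""
    out = []
    for r in rows:
        state = r["STAT"][0]
        if state in REMEDY:
            out.append((int(r["PID"]), state, r["COMMAND"], REMEDY[state]))
    return out


# Constructed sample modelled on the page's sublime_text line; not captured output.
SAMPLE_PS = """\
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.1 225868  9424 ?        Ss   12:01   0:03 /sbin/init splash
root      3018  2.2  1.0 289008 61872 ?        Ds   12:30   5:27 /opt/sublime_text/sublime_text
user      4101  0.0  0.0      0     0 ?        Z    12:45   0:00 [sh] <defunct>
user      4200  0.3  0.5 512340 40120 pts/1    Sl+  12:50   0:10 python3 -m http.server 8080
"""

if __name__ == "__main__":
    for pid, state, cmd, why in kill_resistant(parse_ps_aux(SAMPLE_PS)):
        print(f"PID {pid} [{state}] {cmd}\n  {STATE[state]}; {why}")
```

On a live system, `cat /proc/<pid>/wchan` shows the kernel function a D-state process is sleeping in, which usually names the subsystem (here the FUSE/SSHFS path) that has to be unblocked.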

01 February 2018

anti-VM

source: https://www.cyberbit.com/anti-vm-and-anti-sandbox-explained/




1. Checking CPU Instructions: 
The results of the following instructions with specific inputs help malware identify a virtual environment:
  • CPUID: executed with EAX=1, the return value describes the processor's features. Bit 31 of ECX (the "hypervisor present" bit) is 0 on a physical machine and 1 in a guest VM.
  • "Hypervisor brand": calling CPUID with EAX=0x40000000 returns the virtualization vendor string in EBX, ECX, EDX (EAX holds the highest supported hypervisor leaf).
    For example:
    • Microsoft: "Microsoft Hv"
    • VMware: "VMwareVMware"
  • MMX: an Intel instruction-set extension for multimedia workloads. The source article claims MMX is usually not supported inside virtual machines, so its absence may indicate a VM. In practice mainstream hypervisors do expose MMX to guests, so treat this as a weak signal.
  • IN – "VMware magic number": useful for detecting VMware specifically. In VMware, communication with the host goes through a dedicated I/O port; executing IN against that port with the magic value succeeds inside a VMware guest, while on a physical machine the same instruction fails, since user-mode code is not allowed to do port I/O.
2. Checking for Known MAC Addresses: 
The first three octets (OUI) of a MAC address identify the network adapter's vendor. The MAC address can be retrieved in multiple ways, including WMIC (wmic -> nic list). Known virtual-adapter prefixes:
  • 00:05:69 (Vmware)
  • 00:0C:29 (Vmware)
  • 00:1C:14 (Vmware)
  • 00:50:56 (Vmware)
  • 08:00:27 (VirtualBox)
3. Checking for Registry Keys 
The existence of the following registry entries indicates the existence of virtualization software:
  • HKLM\SOFTWARE\VMware, Inc.\VMware Tools
  • HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0\Identifier
  • SYSTEM\CurrentControlSet\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S
  • SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\root#vmwvmcihostdev
  • SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers
4. Checking for Processes Indicating a VM
Any of the following processes may indicate a virtual environment. Malware can enumerate processes in several ways: WMIC (wmic -> process list), the Win32 API (Process32First, Process32Next) or CMD (tasklist.exe).
  • Vmware
    • Vmtoolsd.exe
    • Vmwaretray.exe
    • Vmwareuser.exe
    • Vmacthlp.exe
  • VirtualBox
    • vboxservice.exe
    • vboxtray.exe
5. Checking for Existence of Files Indicating a VM 
When these files exist in the file system, virtualization software is probably installed. They can be found in multiple ways: WMIC, the Win32 API or CMD.
  • VMware
C:\windows\System32\Drivers\Vmmouse.sys
C:\windows\System32\Drivers\vm3dgl.dll
C:\windows\System32\Drivers\vmdum.dll
C:\windows\System32\Drivers\vm3dver.dll
C:\windows\System32\Drivers\vmtray.dll
C:\windows\System32\Drivers\VMToolsHook.dll
C:\windows\System32\Drivers\vmmousever.dll
C:\windows\System32\Drivers\vmhgfs.dll
C:\windows\System32\Drivers\vmGuestLib.dll
C:\windows\System32\Drivers\VmGuestLibJava.dll
  • VirtualBox
C:\windows\System32\Drivers\VBoxMouse.sys
C:\windows\System32\Drivers\VBoxGuest.sys
C:\windows\System32\Drivers\VBoxSF.sys
C:\windows\System32\Drivers\VBoxVideo.sys
C:\windows\System32\vboxdisp.dll
C:\windows\System32\vboxhook.dll
C:\windows\System32\vboxmrxnp.dll
C:\windows\System32\vboxogl.dll
C:\windows\System32\vboxoglarrayspu.dll
C:\windows\System32\vboxoglcrutil.dll
C:\windows\System32\vboxoglerrorspu.dll
C:\windows\System32\vboxoglfeedbackspu.dll
C:\windows\System32\vboxoglpackspu.dll
C:\windows\System32\vboxoglpassthroughspu.dll
C:\windows\System32\vboxservice.exe
C:\windows\System32\vboxtray.exe
C:\windows\System32\VBoxControl.exe
6. Checking for Running Services
Any of the following services indicates a virtual environment.
These can also be retrieved in multiple ways: WMIC, the Win32 API or CMD
(wmic -> service list, sc.exe query) 

  • VMTools
  • Vmhgfs
  • VMMEMCTL
  • Vmmouse
  • Vmrawdsk
  • Vmusbmouse
  • Vmvss
  • Vmscsi
  • Vmxnet
  • vmx_svga
  • Vmware Tools
  • Vmware Physical Disk Helper Service
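As an added example (not code from this post or from the cyberbit article), the following Python evaluates the six indicator classes above against a host inventory. It does not execute CPUID or query WMI, the registry, processes or services itself; the caller supplies those facts, and the two inventories at the bottom are constructed for illustration. The VMware OUIs, Microsoft/VMware vendor strings, registry keys, process, file and service names are subsets of the lists above; the KVM, Xen and VirtualBox CPUID vendor strings are added from general knowledge and are not on the page.

```python
"""Evaluate the six anti-VM indicator classes against a host inventory."""
import struct


# 1. CPUID ---------------------------------------------------------------------
def hypervisor_present(leaf1_ecx):
    """CPUID leaf 1: ECX bit 31 is the 'hypervisor present' bit (0 on bare metal)."""
    return bool((leaf1_ecx >> 31) & 1)


def hypervisor_vendor(ebx, ecx, edx):
    """CPUID leaf 0x40000000 returns a 12-byte vendor string in EBX, ECX, EDX (little-endian)."""
    return struct.pack("<III", ebx, ecx, edx).rstrip(b"\0").decode("ascii", "replace")


# The page lists the first two; KVM, Xen and VirtualBox strings are added from general knowledge.
HV_VENDORS = {"VMwareVMware": "VMware", "Microsoft Hv": "Hyper-V", "KVMKVMKVM": "KVM",
              "XenVMMXenVMM": "Xen", "VBoxVBoxVBox": "VirtualBox"}

# 2. MAC OUI -------------------------------------------------------------------
VM_OUIS = {"00:05:69": "VMware", "00:0C:29": "VMware", "00:1C:14": "VMware",
           "00:50:56": "VMware", "08:00:27": "VirtualBox"}


def mac_vendor(mac):
    """Map the first three octets (OUI) to a VM vendor; accepts ':' or '-' separators."""
    return VM_OUIS.get(mac.upper().replace("-", ":")[:8])


# 3-6. Registry keys (full paths), processes, files, services: subsets of the page's lists.
VM_REGISTRY = {r"hklm\software\vmware, inc.\vmware tools": "VMware",
               r"hklm\system\currentcontrolset\enum\scsi\disk&ven_vmware_&prod_vmware_virtual_s": "VMware"}
VM_PROCESSES = {"vmtoolsd.exe": "VMware", "vmwaretray.exe": "VMware", "vmwareuser.exe": "VMware",
                "vmacthlp.exe": "VMware", "vboxservice.exe": "VirtualBox", "vboxtray.exe": "VirtualBox"}
VM_FILES = {r"c:\windows\system32\drivers\vmmouse.sys": "VMware",
            r"c:\windows\system32\drivers\vboxmouse.sys": "VirtualBox",
            r"c:\windows\system32\drivers\vboxguest.sys": "VirtualBox"}
VM_SERVICES = {"vmtools": "VMware", "vmhgfs": "VMware", "vmmemctl": "VMware",
               "vmmouse": "VMware", "vboxservice": "VirtualBox"}


def normalize_key(key):
    """Lower-case and use the short hive name so both spellings used on the page compare equal."""
    return key.lower().replace("hkey_local_machine", "hklm").rstrip("\\")


def evaluate(host):
    """host: dict of facts already collected (CPUID registers, MACs, registry keys, process,
    file and service names). Returns a list of (check, evidence, vendor) hits."""
    hits = []
    if hypervisor_present(host["cpuid_leaf1_ecx"]):
        hits.append(("cpuid.hv_bit", "ECX bit 31 set", "unknown hypervisor"))
    vendor = hypervisor_vendor(*host["cpuid_leaf_0x40000000"])
    if vendor in HV_VENDORS:
        hits.append(("cpuid.vendor", vendor, HV_VENDORS[vendor]))
    for mac in host["macs"]:
        if mac_vendor(mac):
            hits.append(("mac.oui", mac, mac_vendor(mac)))
    for key in host["registry_keys"]:
        if normalize_key(key) in VM_REGISTRY:
            hits.append(("registry", key, VM_REGISTRY[normalize_key(key)]))
    for check, items, table in (("process", host["processes"], VM_PROCESSES),
                                ("file", host["files"], VM_FILES),
                                ("service", host["services"], VM_SERVICES)):
        for item in items:
            if item.lower() in table:
                hits.append((check, item, table[item.lower()]))
    return hits


# Constructed sample inventories; not captured from real systems.
VMWARE_GUEST = {
    "cpuid_leaf1_ecx": 0x7FFA3203 | (1 << 31),
    "cpuid_leaf_0x40000000": (0x61774D56, 0x4D566572, 0x65726177),  # "VMwa" "reVM" "ware"
    "macs": ["00:0C:29:3A:9F:11"],
    "registry_keys": [r"HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Tools"],
    "processes": ["explorer.exe", "vmtoolsd.exe", "VMwareTray.exe"],
    "files": [r"C:\Windows\System32\drivers\vmmouse.sys"],
    "services": ["Dhcp", "VMTools", "vmhgfs"],
}
PHYSICAL_HOST = {
    "cpuid_leaf1_ecx": 0x7FFA3203,        # bit 31 clear
    "cpuid_leaf_0x40000000": (0, 0, 0),   # no hypervisor vendor string (zeroed in this sample)
    "macs": ["3C:22:FB:10:20:30"],
    "registry_keys": [], "processes": ["explorer.exe"], "files": [], "services": ["Dhcp"],
}

if __name__ == "__main__":
    for name, host in (("vmware guest", VMWARE_GUEST), ("physical", PHYSICAL_HOST)):
        print(name, evaluate(host))
```

The same table-driven shape works for a sandbox operator in reverse: every entry is something to rename, remove or mask in the analysis VM so that these checks stop firing.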

26 January 2018

side channel and speculative execution

side_channel and speculative_execution

https://www.youtube.com/watch?v=mgAN4w7LH2o

gnome3 alt+tab current workspace only

By default, GNOME 3's ALT+TAB shows windows from all workspaces.
To show only the windows of the current workspace:

gsettings set org.gnome.shell.app-switcher current-workspace-only true

16 December 2017

stay alive

supervisord and daemontools expect to be the parent of the supervised process, which must run in the foreground.
monit expects the process to daemonize itself into the background and write a PID file.

I chose supervisord

https://news.ycombinator.com/item?id=1368855

15 December 2017

ubuntu 17.10 prevents sudo-launched apps from using the display

By default 17.10 (GNOME on Wayland) does not allow root to access your display.
Run xhost +si:localuser:root, then launch gedit with root privileges. The si:localuser:root form grants access only to the local root user; avoid the bare xhost +, which disables access control for every client.


ref: https://askubuntu.com/questions/967389/gtk-ubuntu-17-10